CERTIFIED-IN-CYBERSECURITY · Question #236
CERTIFIED-IN-CYBERSECURITY Question #236: Real Exam Question with Answer & Explanation
The correct answer is D: ...To identify, assess, and prioritize risks, and implement appropriate controls to minimize their.
Question
The PRIMARY objective of the Risk Management process is...:
Options
- A...To minimize the implementation cost of security controls and countermeasures
- B...To identify potential risks and invest only in reactive countermeasures
- C...To eliminate all risks associated with an organization's information and assets
- D...To identify, assess, and prioritize risks, and implement appropriate controls to minimize their
Explanation
Risk management is a proactive process of identifying, assessing, and prioritizing risks. Appropriate controls are then selected and implemented to reduce or mitigate the potential impact of identified risks (see ISC2 Study Guide, Module 2, under Risk Management Process). The primary objective of the risk management process is not to eliminate all risks, as this is often impractical and not cost-effective. Instead, the goal is to bring risks down to an acceptable level. It is important to note that minimizing the implementation of security controls and countermeasures can expose an organization to unnecessary risk. Focusing solely on reactive countermeasures goes against the principles of comprehensive risk management and may result in severe impacts.